cargo audit crashing - only - during GitHub Action workflow

[suchapalaver]

Hi, I hope someone can help me. I'm really stuck. My application runs cargo-checkmate in CI as a GitHub Actions workflow and is crashing while calling smartstring-0.2.10/src/inline.rs:41 during the cargo audit stage:

Run cargo-checkmate audit
  cargo-checkmate audit
  shell: /usr/bin/bash -e {0}
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 488 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (522 crate dependencies)
The application panicked (crashed).
Message:  assertion failed: len <= MAX_INLINE
Location: /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/smartstring-0.2.10/src/inline.rs:41

Can anyone help me understand why cargo-audit is crashing and what I might look at to try to debug my problem, please? I still don't understand how to track down the transitive dependency on the non-latest version of smartstring. Someone here suggested that was the issue.
Locally, my application passes all cargo-checkmate and cargo-audit checks, regardless of whether I set my rust tool chain to stable or beta, having updated to the latest versions as of writing.
Here's a RUST_BACKTRACE from the GitHub workflow:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
                          (8 post panic frames hidden)                          
 8: core::panicking::panic::h341545107301821d
    at /rustc/fc594f15669680fa70d255faec3ca3fb507c3405/library/core/src/panicking.rs:111
 9: smartstring::inline::InlineString::as_str::h2f436ff3a0499514
    at <unknown source file>
10: <crates_index::Dependency as core::hash::Hash>::hash::h75ca30c41649ca5e
    at <unknown source file>
11: <alloc::sync::Arc<T> as core::hash::Hash>::hash::h18591eafbb654c18
    at <unknown source file>
12: core::hash::BuildHasher::hash_one::h9d15d8789e7bfe25
    at <unknown source file>
13: crates_index::Crate::from_slice::h32a2c259f4ed0e40
    at <unknown source file>
14: crates_index::Index::crate_::hfde629462100dfa9
    at <unknown source file>
15: rustsec::registry::Index::find::h3df6d0baf318d121
    at <unknown source file>
16: cargo_audit::auditor::Auditor::audit::h6bb94a7d7fec80fa
    at <unknown source file>
17: <cargo_audit::commands::audit::AuditCommand as abscissa_core::runnable::Runnable>::run::h82fe50a3d086b018
    at <unknown source file>
18: abscissa_core::application::Application::run::h0fdf1ee0b4a92fc1
    at <unknown source file>

Thanks for any help.

[tarcieri]

This looks like an error occurring within the crates-index crate, a (transitive) dependency of cargo-audit.

I'd suggest opening an issue on their repo and posting that backtrace.

[suchapalaver]

Thanks for the quick reply. I've followed your suggestion.

[tarcieri]

Linking the issue for posterity: frewsxcv/rust-crates-index#92

[Shnatsel]

Should be fixed in rustsec 0.26.5